yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:05:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,400 Commits 88 Branches 205 Tags 69 MiB
c6935e8b19
Commit Graph

16400 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Janos Follath
c6935e8b19 Update mailing list links 
The mailing list software has been updated and the links have changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-01-12 13:17:16 +00:00
Gilles Peskine
4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x 
Backport 2.x: Add list config function
 2021-12-20 22:08:01 +01:00
Dave Rodgman
53c268e6a9
Merge pull request #873 from ARMmbed/mbedtls-2.28.0_merge_into_release 
Mbedtls 2.28.0 merge into release
 2021-12-17 11:22:26 +00:00
Dave Rodgman
8b3f26a5ac
Merge pull request #868 from ARMmbed/mbedtls-2.28.0rc0-pr 
Mbedtls 2.28.0rc0 pr
 2021-12-15 13:47:54 +00:00
Dave Rodgman
d41dab39c5 Bump version to 2.28.0 
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:55:31 +00:00
Dave Rodgman
29c3aee6a7 Update branch information in BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:53:12 +00:00
Dave Rodgman
f00d9a2340 Minor Changelog updates & fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:52:54 +00:00
Dave Rodgman
0798a827c8 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:48:21 +00:00
Ronald Cron
2d2fb47e45 Add change log for #4883 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 11:47:25 +00:00
Dave Rodgman
04e920410d Add missing changelog for ARIA (#5051) 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:53:07 +00:00
Dave Rodgman
08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:52:51 +00:00
Gilles Peskine
c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28 
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:32 +01:00
Gilles Peskine
f9a0501683 mbedtls_cipher_check_tag: jump on error for more robustness to refactoring 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 16:59:04 +01:00
Gilles Peskine
384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x 
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:44 +01:00
Gilles Peskine
622d80453b Initialize hash_len before using it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 14:45:38 +01:00
Gilles Peskine
d61551c017 Generalize MAC zeroization changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine
8c99a760d5 PKCS#1v1.5 signature: better cleanup of temporary values 
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine
f91b2e5a97 mbedtls_ssl_parse_finished: zeroize expected finished value on error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine
69d3b86baa mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Gilles Peskine
b3f4e5b1e1 PSA hash verification: zeroize expected hash on hash mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Gilles Peskine
dc269bbd08 mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Paul Elliott
5752b4b7d0 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:15:28 +00:00
Paul Elliott
c89e209ded Remove incorrect hashing 
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
8d7eef470b Add explanation for safety in function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
7a342a24ff Delete unneccesary changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
270a264b78 Simplify Input usage macros 
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
73051b4176 Rename (and relabel) pkcs12 test case 
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
8ca8f2d163 Remove incorrect test dependency 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
ce22008c63 Documentation fixes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
2ab9a7a57a Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
1a3540afbe Fix missing test dependancies 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
13d5a3429a Add PKCS12 tests 
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:23 +00:00
Dave Rodgman
1c68ba1afd
Merge pull request #5314 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac-2.x 
Backport 2.x: Check HMAC return values
 2021-12-13 10:51:28 +00:00
Gilles Peskine
2b3f21dc0b Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:02:06 +01:00
Gilles Peskine
d8e2e8347b Zeroize local MAC variables 
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 14:24:23 +01:00
Gilles Peskine
9e8f3a6b71
Merge pull request #5308 from minosgalanakis/development_2.x 
Backport 2.x: Document platform architecture portability constraints
 2021-12-10 21:13:09 +01:00
Gilles Peskine
5e41e0e934 Update generated file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 20:19:30 +01:00
Jerry Yu
47569e097e fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
d351ed3a6a fix msvc build faile 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
969c01a234 Beauty source code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
cf080ce821 fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
bbfa1d8c19 Replace configs_enabled check with query_compile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
4f2dff429a Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
0abd677ed7 Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Paul Elliott
7412eb4bc2 Better fix for empty password / salt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-10 17:48:12 +00:00
Paul Elliott
a59cc3dbc7 Further documentation improvements 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-10 17:48:12 +00:00
Paul Elliott
f294ff5d87 Make changelog more specific 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-10 17:48:12 +00:00
Paul Elliott
fe724fe618 Fix for pkcs12 with NULL or zero length password 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-10 17:48:12 +00:00
Gilles Peskine
18a59b7d4c
Merge pull request #5306 from gilles-peskine-arm/test-missing-ret-check-202112-2.x 
Backport 2.x: Missing error checks + test bug on unlikely failure
 2021-12-10 17:41:49 +01:00
Minos Galanakis
5c93a9f214 Update changelog & readme 
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-10 15:57:54 +00:00